
Control-flow integrity in 5.13

Posted May 25, 2021 17:53 UTC (Tue) by andresfreund (subscriber, #69562)
Parent article: Control-flow integrity in 5.13

> There doesn't seem to be much in the way of data regarding the performance impact of this feature, but the LLVM page describing CFI says that its cost is "less than 1%".

I have quite a hard time believing that, tbh. Not in the sense that I don't believe that there are no workloads in which that is true (probably lots), but that it's true in all "common" workloads. The dcache footprint alone makes me doubt this. It's not helped by the subsequent sentence in the LLVM page:

"Note that this scheme has not yet been optimized for binary size; an increase of up to 15% has been observed for Chromium."

There's *lots* of code that is primarily bound by icache misses. A 15% increase is pretty substantial.

I assume that the code size increase in the kernel would be lower than for Chromium, which probably has a lot more vtables than Linux has "callback structs" like file_operations.

